CVE-2022-41828

Опубликовано: 29 сент. 2022

Источник: nvd

CVSS3: 8.1

CVSS3: 8.8

EPSS Средний

Описание

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.

Ссылки

https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
Patch
Third Party Advisory
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86
Third Party Advisory
https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5
Patch
Third Party Advisory
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:amazon:amazon_web_services_redshift_java_database_connectivity_driver:*:*:*:*:*:*:*:*

Версия до 2.1.0.8 (исключая)

EPSS

Процентиль: 98%

0.55562

Средний

8.1 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-704

Связанные уязвимости

GHSA-jc69-hjw2-fm86

CVSS3: 7.1

github

больше 3 лет назад

com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution

EPSS

Процентиль: 98%

0.55562

Средний

8.1 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-704